How to Use “ipset” to Block IPs from a Country

Previously we learned how to restrict or allow a particular country using GeoIP. In this article, we’ll cover how to block large IP ranges using the ipset module with iptables. ipset is a command-line utility used to administer the IP sets framework inside the Linux kernel. An IP set may store IP addresses, networks, (TCP/UDP) port numbers, MAC addresses, interface names or combinations of them, in a way that ensures lightning speed when matching an entry against a set. It is a companion application for the iptables Linux firewall that lets us set up rules quickly and easily to block a set of IP addresses. Here, we’ll see how to use the ipset module with iptables to block large ranges of IP addresses on a Linux-based machine.